|UNIVERISTY OF STRATHCLYDE LAW CLINIC – PRIVACY NOTICE|
The University of Strathclyde is committed to transparency and to complying with its responsibilities under data protection legislation. This privacy notice sets out important information regarding how we will use your information and your rights under the legislation.
The General Data Protection Regulation (GDPR) is a new piece of legislation coming into force on 25 May 2018. This notice is intended to meet the new transparency requirements of GDPR and to ensure that all service users of the University of Strathclyde Law Clinic understand how their data will be used.
Who will process my personal information?
Under data protection legislation the University is the ‘data controller’. This means that the University is responsible for how it uses and processes your personal data and for complying with requests from you in relation to your personal data, where appropriate under the legislation.
How we use your information
Once you contact the Law Clinic for advice, we will process the information you provide us with and any supporting documents provided as part of the enquiry process. We will seek your consent to process your personal data to:-
· Assess whether we can provide you with any advice and/or information
· Gather relevant information relating to your enquiry
· Manage all aspects of your enquiry including carrying out a conflict of interest check
· Advise you on the establishment, exercise or defence of legal claims
What information about you do we collect and use?
When you contact the Law Clinic we will complete an enquiry form which contains details of your address, contact numbers and some information on the issue you need advice on.
‘Special category’ personal data relating to race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life; or sexual orientation may also be processed, where it is appropriate and lawful for us to do so. In most cases we will seek your consent to do so.
What happens to my data when I’m no longer a member?
We will retain your personal data for 12 months after your enquiry has been dealt with to allow us to complete conflict of interest checks.
Is my data secure?
Your personal data will be managed securely and held on University servers and within a case management system provided by a third party, Clipped UK Ltd, who are based in the UK. Access will be restricted to only those staff, student advisors or authorised agents who require it and on a ‘need to know’ basis. The University will employ any technical and organisational measures necessary to ensure the security of your data. You can find more information about our Information Security policies on our website.
You have the right to:
· Find out what personal data we process about you and obtain a copy of the data, free of charge within one month of your request. We may make a charge for additional copies of the same information;
· Ask us to correct inaccurate or incomplete data.
If you think we are acting unfairly or unlawfully you can:
· Object to the way we are using your data;
· Complain to the UK Information Commissioner’s Office.
Under certain conditions you also have the right to ask us to:
· Restrict the use of your data e.g. if you have raised issues about the accuracy or use of your personal data, until we have investigated and responded to your concerns;
· Erase your information or tell us to stop using it to make decisions about you;
· Comply with your wishes where you have previously agreed to us processing your data for a particular purpose and have withdrawn your consent to further processing;
· Provide you with a portable electronic copy of data you’ve given us.
Please contact us here if you wish to exercise/enquire about any of these rights.